MyClassNotes: Hacker101 CTF: Micro-CMS v2

Sunday, June 14, 2020

Hacker101 CTF: Micro-CMS v2 - Part 3

I didn't know what to do here. So, looked a hint which was

Credentials are secret, flags are secret. Coincidence?

I have no idea what it is but my guess is that secret credentials needs to be obtain to get this last flag. What options do I have? SQL injection to dump the database. The thing that we know by now is, there is a table called admins. I did a hit and trial with multiple cases

Trial 1
username: admin' OR '1' = '1
password: random
result: invalid password

Trial 2
username: user
password: random
result: invalid user

Conclusion at this point: There is a table admins with username and password column. Also, admin is one of the user in that username.

Trial 3
username: admin' OR 1=1--
password: random
result:

Traceback (most recent call last):
  File "./main.py", line 145, in do_login
    if cur.execute('SELECT password FROM admins WHERE username=\'%s\'' % request.form['username'].replace('%', '%%')) == 0:
  File "/usr/local/lib/python2.7/site-packages/MySQLdb/cursors.py", line 255, in execute
    self.errorhandler(self, exc, value)
  File "/usr/local/lib/python2.7/site-packages/MySQLdb/connections.py", line 50, in defaulterrorhandler
    raise errorvalue
ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''' at line 1")

24 comments:

SantosSeptember 12, 2020 at 4:14 PM
very interesting. just found your site. I really like it. thanks for the content.
ReplyDelete
Replies
Hana BlakelyNovember 18, 2020 at 10:05 PM
Great piece of content after reading all this I'm feeling so overwhleming that I've gain some sort of knowledge from this page. Keep up the good work!! Thank YOU!
AirBolt Review
ReplyDelete
Replies
UnknownDecember 6, 2020 at 9:18 PM
Thanks for sharing this post.
ISO 27001 lead auditor training
ReplyDelete
Replies
HafeezriyasDecember 11, 2020 at 9:07 PM
Hi
Thank you so much for this wonderful article really pretty good!
ISO 27001 Consultants in Oman
ReplyDelete
Replies
No NameMarch 19, 2021 at 4:48 PM
**SELLING SSN+DOB FULLZ**

CONTACT
Telegram > @leadsupplier
ICQ > 752822040
Email > leads.sellers1212@gmail.com

>>1$ each without DL/ID number
>>2$ each with DL
>>5$ each for premium (also included relative info)

*Will reduce price if buying in bulk
*Hope for a long term business

FORMAT OF LEADS/FULLZ/PROS

->FULL NAME
->SSN
->DATE OF BIRTH
->DRIVING LICENSE NUMBER WITH EXPIRY DATE
->COMPLETE ADDRESS
->PHONE NUMBER, EMAIL, I.P ADDRESS
->EMPLOYMENT DETAILS
->REALTIONSHIP DETAILS
->MORTGAGE INFO
->BANK ACCOUNT DETAILS

>Fresh Leads for tax returns & w-2 form filling
>Payment mode BTC, ETH, LTC, PayPal, USDT & PERFECT MONEY

''OTHER GADGETS PROVIDING''

>SSN+DOB Fullz
>CC with CVV
>Photo ID's
>Dead Fullz
>Carding Tutorials
>Hacking Tutorials
>SMTP Linux Root
>DUMPS with pins track 1 and 2
>Sock Tools
>Server I.P's
>HQ Emails with passwords

Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040

THANK YOU
ReplyDelete
Replies
harveyspecterMarch 21, 2021 at 9:00 PM
This content is very nice...I am glad to thank you for sharing This nice content..iso-14001-2015-lead-auditor-training
ReplyDelete
Replies
coolbuddyMarch 30, 2021 at 10:27 PM
Really nice and informative..I found this blog very useful.for any ISO related queryISO Training in india
ReplyDelete
Replies
HafeezriyasMarch 31, 2021 at 10:15 PM
Thanks you for sharing this unique useful information content with us. Really awesome work... ISO 22000 Certification Qatar
ReplyDelete
Replies
coolbuddyApril 1, 2021 at 11:44 PM
Really nice and informative..I found this blog very useful.for any ISO related queryISO Training in INDIA
ReplyDelete
Replies
HafeezriyasApril 7, 2021 at 9:48 PM
Thanks you for sharing this unique useful information content with us. Really awesome work.. ISO 45001 Certification Qatar
ReplyDelete
Replies
mohamafApril 18, 2021 at 7:31 PM
It is really very helpful for us and I have gathered some important information from this blog. ISO 22000 Certification
ReplyDelete
Replies
UnknownApril 23, 2021 at 10:38 PM
Thanks for given detail information to me. keep posting like this. iso-14001
ReplyDelete
Replies
pritam kumarApril 23, 2021 at 10:42 PM
Thanks for given detail information to me. keep posting like this. iso-14001-certification
ReplyDelete
Replies
Digital SpotJuly 10, 2021 at 2:04 AM
Informative share you given here and help to perform well results in hacker.
-hestensolutions.com-
ReplyDelete
Replies
No NameFebruary 11, 2022 at 8:41 AM
FULLZ AVAILABLE WITH HIGH CREDIT SCORES 700+
(Spammed From Credit Bureau of USA)

=>Contact 24/7<=

Telegram> @killhacks
ICQ> 752822040

FRESHLY SPAMMED
VALID INFO WITH VALID DL EXPIRIES

*All info included*
NAME+SSN+DOB+DL+DL-STATE+ADDRESS
Employee & Bank details included

CC & CVV'S ONLY USA AVAILABLE

$1 for SSN+DOB
$2 for SSN+DOB+DL
$5 for High credit fullz 700+
(bulk order negotiable)
*Payment in all crypto currencies will be accepted

->You can buy few for testing
->Invalid or wrong info will be replaced
->Serious buyers needed for long term

PLEASE DON'T ASK ANYTHING FOR FREE

TOOLS & TUTORIALS AVAILABLE FOR SPAMMING, HACKING & CARDING

(Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)

Ethical Hacking Tools & Tutorials
Kali linux
Facebook & Google hacking
SQL Injector
Bitcoin flasher
Keylogger & Keystroke Logger
Premium Accounts (Netflix, coinbase, FedEx, Pornhub, etc)
Paypal Logins
Bitcoin Cracker
SMTP Linux Root
DUMPS with pins track 1 and 2
Smtp's, Safe Socks, rdp's, VPN, Viruses
Cpanel
Php mailer
Server I.P's & Proxies
HQ Emails Combo

*If you need a valid vendor it's very prime chance, you'll never be disappointed*

CONTACT 24/7
Telegram> @killhacks
ICQ> 752822040
ReplyDelete
Replies
AnonymousApril 17, 2022 at 9:11 AM
Myclassnotes: Hacker101 Ctf: Micro-Cms V2 - Part 3 >>>>> Download Now

>>>>> Download Full

Myclassnotes: Hacker101 Ctf: Micro-Cms V2 - Part 3 >>>>> Download LINK

>>>>> Download Now

Myclassnotes: Hacker101 Ctf: Micro-Cms V2 - Part 3 >>>>> Download Full

>>>>> Download LINK rn
ReplyDelete
Replies
Cool StuffMay 21, 2022 at 10:46 PM
LEGIT FULLZ & TOOLS STORE

Hello to All !

We are offering all types of tools & Fullz on discounted price.
If you are in search of anything regarding fullz, tools, tutorials, Hack Pack, etc
Feel Free to contact

***CONTACT 24/7***
**Telegram > @leadsupplier
**ICQ > 752822040
**Skype > Peeterhacks
**Wicker me > peeterhacks

"SSN LEADS/FULLZ AVAILABLE"
"TOOLS & TUTORIALS AVAILABLE FOR HACKING, SPAMMING,
CARDING, CASHOUT, CLONING, SCRIPTING ETC"

**************************************
"Fresh Spammed SSN Fullz info included"
>>SSN FULLZ with complete info
>>CC With CVV (vbv & non vbv) Fullz USA
>>FULLZ FOR SBA, PUA & TAX RETURN FILLING
>>USA I.D Photos Front & Back
>>High Credit Score fullz (700+ Scores)
>>DL number, Employee Details, Bank Details Included
>>Complete Premium Info with Relative Info

***************************************
COMPLETE GUIDE FOR TUTORIALS & TOOLS

"SPAMMING" "HACKING" "CARDING" "CASH OUT"
"KALI LINUX" "BLOCKCHAIN BLUE PRINTS" "SCRIPTING"
"FRAUD BIBLE"

"TOOLS & TUTORIALS LIST"
=>Ethical Hacking Ebooks, Tools & Tutorials
=>Bitcoin Hacking
=>Kali Linux
=>Fraud Bible
=>RAT
=>Keylogger & Keystroke Logger
=>WhatsApp Hacking & Hacked Version of WhatsApp
=>Facebook & Google Hacking
=>Bitcoin Flasher
=>SQL Injector
=>Premium Logs (PayPal/Amazon/Coinbase/Netflix/FedEx/Banks)
=>Bitcoin Cracker
=>SMTP Linux Root
=>Shell Scripting
=>DUMPS with pins track 1 and 2 with & without pin
=>SMTP's, Safe Socks, Rdp's brute
=>PHP mailer
=>SMS Sender & Email Blaster
=>Cpanel
=>Server I.P's & Proxies
=>Viruses & VPN's
=>HQ Email Combo (Gmail, Yahoo, Hotmail, MSN, AOL, etc.)

*Serious buyers will always welcome
*Price will be reduce in bulk order
*Discount offers will give to serious buyers
*Hope we do a great business together

===>Contact 24/7<===
==>Telegram > @leadsupplier
==>ICQ > 752822040
==>Skype > Peeterhacks
==>Wicker me > peeterhacks
ReplyDelete
Replies
AnonymousFebruary 16, 2023 at 1:43 PM
What's Up Everyone

Fresh Databases available

CC's CVV's SSN
Pros High Credit Scores 700+
Fullz/Leads with SSN+DOB+DL
Dumps
EIN Leads
Bulk HQ Emails
Office365 Emails & Logs

>>>WA/Telegram +92 317 272 1122
>>>ICQ 752822040
>>>Skype/Wickr @peeterhacks
>>>Email exploit dot tools4u at gmail dot com

Quality Tools & Tutorials available for
HACKING|SPAMMING|CARDING|SPYING|CLONING|CASH-OUTS|TRANSFERS

Legit Fullz/Pros/Leads will be provided
Bulk quantity also
Invalid stuff will be replaced/No refund
BTC & USDT payments mode
Available 24/7

Feel Free to contact Guy's
ReplyDelete
Replies
AnonymousOctober 8, 2023 at 7:48 AM
We're providing fresh & valid info
USA UK CANADA AUS RU FR CHINA

FULLZ
LOAN METHODS
CARDING METHODS
TAX RETURN FILLING

===================================
Fresh spammed info available
===================================
*SSN DOB DL
*CC WITH CVV
*HIGH CS PROS
*DUMPS WITH PIN 101 & 202
*DL SCAN FRONT & BACK WITH SELFIE
*BUSINESS EIN FULLZ
*SPECIFIC STATE|ZIP|CITIES|GENDER FULLZ
*FULLZ FOR KYC/TAX RETURN/UI/PUA
*OFFICE365 LEADS & LOGINS
*PASSPORTS

FOR QUERY CONTACT
->Telegram @killhacks/@leadsupplier
->ICQ 752822040 / @killhacks
->Email hacksp007 @ DNMX.org
->WhatsApp (will be given on demand)

SSN DOB DL INFO
firstname+lastname+ssn+dob+dlnumber+dlstate+address+city+state+zip+phonehome+phonecell+email+netincome+employmentstatus+employername+phonework+bankname+routingno+accountno
Dora|Yotter Zayas|874646790|10/19/1955|Y362176558790|FL|4736 Grapevine Way|Davie|FL|33331|5052363136|8008526829|dzayas@legalclub.com|3250|benefits|n/a|n/a|8008526829|BANK OF AMERICA|5054473196|63100277

CC WITH CVV INFO
CCnumber+expmm+expyyyy+cvv+Fullname+Address+City+State+Zip+ssn+dob+phonenmuber
4266902012413017|12|23|223|Spencer D Olmstead|4394 Westminster pl|Columbus|Indiana|47201|315-02-6111|18/09/1981|8123432114

__________________________________________________________________________
TOOLS & TUTORIALS FOR HACKING|SPAMMING|CARDING|SCRIPTING|CLONING|CRACKING
__________________________________________________________________________

SMTP's|RDP's|SHELLS|BRUTES
C-PANELS|WEB-MAILERS|MAILERS|SENDERS
KEYLOGGERS|VIRUSES|RATS
KALI LINUX MASTER CLASS
SMTP LINUX ROOT
EMAIL's|I.P's|COMBOS|PROXIES
SPAMMING COMPLETE PACKAGE
SCAM PAGES|SCAM PAGE SCRIPTING
HACKING TOOLS & TUTORIALS
CC TOP UP METHODS
CC CHECKERS

Many other Tools & Tutorials we can provide on demand
Easy to learn & easy to earn
Guidance will be provided if needed
Tutorials & Methods will be up to date

*HIT ME UP FOR ORDER*
->Telegram @killhacks/@leadsupplier
->ICQ 752822040 / @killhacks
->Email hacksp007 @ DNMX.org
->WhatsApp (will be given on demand)
ReplyDelete
Replies
AnonymousSeptember 15, 2024 at 2:00 PM
INTERNET SCAM ALERT‼️

The internet today is full of SCAM ADS, mostly in comments of various sites and blogs. A large number of individuals have been victims of scam and lost a lot of money to SCAMMERS. Most of the common scam you can see are -:
❌BANK LOAN SCAM. ❌BINARY OPTIONS SCAM.
❌MONEY MULTIPLICATION SCAM. ❌HACKING SCAM. ❌GETTING DEGREE SCAM. ❌SHOPPING SCAM and lost more..........

But here is a good news to everyone who has been a victim of INTERNET SCAM❗️
You can get your money back from the scammer, and can even get more than what you lost, No Authorities will not been involve just the genius of our skill.

WHO ARE WE⁉️
We are PYTHONAX ! A group of skilled Hackers who have dedicated our time to helping individuals to get back thier money from INTERNET SCAMMERS. A research was carried out and an approximation of more than $3billion USD annually was said to be lost to INTERNET SCAM. This is so wrong and that’s why we have decided to help individuals get thier money.

HOW DO WE OPERATE⁉️
We use a RAT(Remote Access Trojan) to take over the SCAMMER(s) device(Phone or Computer) and take back your money by accessing their Bitcoin wallets or Bank Account. Most of this scammers use their Bitcoin to save money they get from SCAM activities. This is because Bitcoin keeps the money hidden from FINANCIAL INSTITUTIONS BOARD from getting to see the money they can’t give account for.

If you have been a Victim of INTERNET SCAM, then you should contact us via the Email below
Email-: pythonaxservices@gmail.com
pythonaxhacks@gmail.com
ReplyDelete
Replies

Add comment